
Infected With Malware


This topic is locked
2 replies to this topic

#1 Paulmoore123

Posted 23 July 2008 - 02:51 PM

My sister downloaded some file from seriall.com

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-23 20:27:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
12: 2008-07-23 18:23:28 UTC - RP298 - Restore Operation
11: 2008-07-23 18:11:16 UTC - RP297 - Installed Java Runtime Environment
10: 2008-07-23 18:08:39 UTC - RP296 - Installed Java™ 6 Update 7
9: 2008-07-23 00:45:51 UTC - RP295 - Scheduled Checkpoint
8: 2008-07-21 11:59:06 UTC - RP294 - Installed DirectX 9.0


-- First Restore Point --
1: 2008-07-16 23:10:53 UTC - RP283 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-23 20:38:29
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Zango\bin\10.3.65.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.3.65.0\ZangoSA.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\MDM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Administrator\Desktop\dss.exe
C:\Windows\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: War Rock Toolbar Helper - {0914953A-B6C0-42C3-983E-5213C64AFA9B} - C:\Program Files\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {146196d3-449d-4bbb-9004-83b3da91db8a} - {a8bd19ad-3b38-4009-bbb4-d9443d691641} - C:\Windows\System32\yxbrga.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\Program Files\AMPED\AMPED Toolbar\wphtlb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: War Rock Toolbar - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - C:\Program Files\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll
O3 - Toolbar: &WARROCK.PH TOOLBAR - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\Program Files\AMPED\AMPED Toolbar\wphtlb.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.65.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.65.0\ZangoSA.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [88cffb16] rundll32.exe "C:\Windows\system32\xglwqhnw.dll",b
O4 - HKLM\..\Run: [BM8bfcc88a] Rundll32.exe "C:\Windows\system32\fctwieue.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: Holdem Genius Auto Attacher.lnk = C:\Program Files\Holdem Genius\HG_Watcher.exe
O4 - Startup: Tournament Shark.lnk = C:\Program Files\Poker Pro Labs\Tournament Shark\TournamentShark.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: PokerManager.lnk = C:\Program Files\PokerManager\PokerManager\Client.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) - http://download.signgate.com/download/comm...wsinstaller.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\System32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


--
End of file - 11595 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 npkcrypt - \??\c:\nexon\maplestory\npkcrypt.sys
R3 npkcusb - \??\c:\nexon\maplestory\npkcusb.sys

S0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
S3 wuzyolbh - \??\c:\users\paul\desktop\glider\wuzyolbh.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38AD8530&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38AD8530&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-07-23 05:00:00 544 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Paul.job


-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-23 19:51:04 0 d------c- C:\Windows\system32\DRVSTORE
2008-07-22 18:02:04 0 d-------- C:\Fraps
2008-07-21 12:40:42 0 d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-21 12:40:28 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-07-21 12:32:03 717296 --a------ C:\Windows\system32\drivers\sptd.sys
2008-07-20 19:53:13 0 d-------- C:\Users\All Users\Codemasters
2008-07-20 19:39:44 0 d-------- C:\Program Files\Codemasters
2008-07-19 22:51:39 32549 --a------ C:\Windows\king-uninstall.exe
2008-07-18 18:35:11 89779 --a------ C:\Windows\system32\mgvntstl.dll
2008-07-18 18:33:29 93696 --a------ C:\Windows\system32\fctwieue.dll
2008-07-18 18:23:45 102912 --a------ C:\Windows\system32\yxbrga.dll
2008-07-18 18:23:43 102912 --a------ C:\Windows\system32\rwiimcvb.dll
2008-07-18 18:17:43 89779 --a------ C:\Windows\system32\wankdutb.dll
2008-07-18 18:15:15 93696 --a------ C:\Windows\system32\edvllckv.dll
2008-07-17 22:01:51 0 d-------- C:\Users\All Users\PokerAcademyPro2
2008-07-17 21:59:51 102912 --a------ C:\Windows\system32\tftqai.dll
2008-07-17 21:59:50 102912 --a------ C:\Windows\system32\vdajknkw.dll
2008-07-17 21:27:26 102912 --a------ C:\Windows\system32\anfhysal.dll
2008-07-17 21:24:32 86027 --a------ C:\Windows\system32\xksnqjyu.dll
2008-07-17 21:24:24 93696 --a------ C:\Windows\system32\tycwnbky.dll
2008-07-17 20:54:52 0 d-------- C:\Program Files\PokerAcademyPro2
2008-07-17 17:33:51 0 d-------- C:\Program Files\TexasCalculatem
2008-07-16 21:28:37 102400 --a------ C:\Windows\system32\ssghdv.dll
2008-07-16 21:28:35 102400 --a------ C:\Windows\system32\khqbnkkd.dll
2008-07-16 21:25:42 89779 --a------ C:\Windows\system32\qghkspct.dll
2008-07-15 21:53:54 0 d-------- C:\Program Files\PartyGaming.Net
2008-07-15 21:53:10 0 d-------- C:\Program Files\PartyGaming
2008-07-15 21:48:09 0 d-------- C:\Program Files\Poker Skins
2008-07-15 20:21:38 0 d-------- C:\Program Files\Pokerbility
2008-07-15 20:10:46 0 d-------- C:\Program Files\LuckyAcePoker.com
2008-07-15 11:58:34 0 d--h----- C:\Program Files\Zero G Registry
2008-07-15 11:58:34 0 d-------- C:\Program Files\PokerSchool Software
2008-07-14 20:41:47 0 d-------- C:\Program Files\Poker Evolver
2008-07-14 16:52:45 0 d-------- C:\Poker
2008-07-14 13:41:33 0 d-------- C:\Program Files\Full Tilt Poker
2008-07-14 13:28:54 0 d--h----- C:\Users\Administrator\InstallAnywhere
2008-07-13 23:24:23 0 d-------- C:\Program Files\Poker Pro Labs
2008-07-13 20:37:51 0 d-------- C:\Program Files\SNGShark
2008-07-13 16:41:21 0 d-------- C:\Program Files\Holdem Genius
2008-07-13 16:06:02 0 d-------- C:\Program Files\PokerManager
2008-07-13 12:39:05 0 d-------- C:\Users\All Users\NVIDIA
2008-07-12 23:06:06 0 d-------- C:\Program Files\PokerStrategy
2008-07-08 21:28:22 0 d-------- C:\Program Files\MyProduct
2008-07-03 13:28:12 0 d-------- C:\Program Files\Poker-Spy
2008-07-02 22:54:07 0 d-------- C:\Users\All Users\Kontiki
2008-07-02 22:54:07 0 d-------- C:\Program Files\Kontiki
2008-07-02 22:53:57 0 d-------- C:\logs3
2008-07-02 21:35:59 0 d-------- C:\Users\All Users\ZangoSA
2008-07-02 21:35:59 0 d-------- C:\Users\All Users\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2008-07-02 21:35:52 0 d-------- C:\Program Files\Zango
2008-07-02 21:35:30 0 d-------- C:\Program Files\ShoppingReport
2008-07-02 17:48:19 0 d-------- C:\Program Files\Poker Indicator
2008-07-01 20:40:49 23 --a------ C:\Users\Administrator\jagex_runescape_preferences.dat
2008-06-27 22:28:15 0 d-------- C:\Programs
2008-06-25 20:31:55 0 dr------- C:\Users\Administrator\Searches
2008-06-25 20:31:39 0 dr------- C:\Users\Administrator\Contacts
2008-06-25 20:31:04 0 d--hs---- C:\Users\Administrator\Templates
2008-06-25 20:31:04 0 d--hs---- C:\Users\Administrator\Start Menu
2008-06-25 20:31:04 0 d--hs---- C:\Users\Administrator\SendTo
2008-06-25 20:31:04 0 d--hs---- C:\Users\Administrator\Recent
2008-06-25 20:31:04 0 d--hs---- C:\Users\Administrator\PrintHood
2008-06-25 20:31:04 0 d--hs---- C:\Users\Administrator\NetHood
2008-06-25 20:31:04 0 d--hs---- C:\Users\Administrator\My Documents
2008-06-25 20:31:04 0 d--hs---- C:\Users\Administrator\Local Settings
2008-06-25 20:31:04 0 d--hs---- C:\Users\Administrator\Cookies
2008-06-25 20:31:04 0 d--hs---- C:\Users\Administrator\Application Data
2008-06-25 20:31:03 0 dr------- C:\Users\Administrator\Videos
2008-06-25 20:31:03 0 dr------- C:\Users\Administrator\Saved Games
2008-06-25 20:31:03 0 dr------- C:\Users\Administrator\Pictures
2008-06-25 20:31:03 2097152 --ahs---- C:\Users\Administrator\NTUSER.DAT
2008-06-25 20:31:03 0 dr------- C:\Users\Administrator\Music
2008-06-25 20:31:03 0 dr------- C:\Users\Administrator\Links
2008-06-25 20:31:03 0 dr------- C:\Users\Administrator\Favorites
2008-06-25 20:31:03 0 dr------- C:\Users\Administrator\Downloads
2008-06-25 20:31:03 0 dr------- C:\Users\Administrator\Documents
2008-06-25 20:31:03 0 dr------- C:\Users\Administrator\Desktop
2008-06-25 20:31:03 0 d--h----- C:\Users\Administrator\AppData
2008-06-24 18:54:41 0 d-------- C:\Program Files\PKR


-- Find3M Report ---------------------------------------------------------------

2008-07-23 19:52:54 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-07-23 19:11:06 0 d-------- C:\Program Files\Java
2008-07-23 18:48:23 0 d-------- C:\Program Files\SwiftKit
2008-07-23 18:33:07 0 d-------- C:\Program Files\Common Files\Steam
2008-07-23 18:32:52 0 d-------- C:\Program Files\Steam
2008-07-22 18:13:58 0 d-------- C:\Users\Administrator\AppData\Roaming\DivX
2008-07-21 12:41:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-21 12:31:31 0 d-------- C:\Users\Administrator\AppData\Roaming\DAEMON Tools
2008-07-20 19:48:54 0 d-------- C:\Program Files\OpenAL
2008-07-17 20:59:22 0 d-------- C:\Users\Administrator\AppData\Roaming\PokerAcademyPro2
2008-07-17 09:51:51 0 d-------- C:\Program Files\FlashGet
2008-07-16 18:54:18 0 d-------- C:\Program Files\World of Warcraft
2008-07-15 21:58:02 66 --a------ C:\Users\Administrator\AppData\Roaming\AVSDVDPlayer.m3u
2008-07-13 23:23:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 01:28:25 0 d-------- C:\Users\Administrator\AppData\Roaming\Xfire
2008-07-12 22:54:37 0 d-------- C:\Program Files\Xfire
2008-07-10 21:49:07 0 d-------- C:\Program Files\Microsoft Games
2008-07-10 21:47:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-10 03:11:19 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 03:01:38 0 d-------- C:\Program Files\Windows Mail
2008-07-04 11:03:04 0 d-------- C:\Users\Administrator\AppData\Roaming\Adobe
2008-07-02 23:28:39 0 d-------- C:\Users\Administrator\AppData\Roaming\Real
2008-07-02 21:35:56 0 d-------- C:\Users\Administrator\AppData\Roaming\WeatherDPA
2008-07-02 21:35:52 0 d-------- C:\Users\Administrator\AppData\Roaming\Zango
2008-06-30 17:05:46 0 d-------- C:\Program Files\WarRock
2008-06-25 21:36:10 0 d-------- C:\Users\Administrator\AppData\Roaming\Google
2008-06-25 21:34:46 0 d-------- C:\Users\Administrator\AppData\Roaming\WinRAR
2008-06-25 20:36:24 0 d-------- C:\Users\Administrator\AppData\Roaming\Macromedia
2008-06-25 20:35:27 0 d-------- C:\Users\Administrator\AppData\Roaming\Mozilla
2008-06-25 20:32:27 0 d-------- C:\Users\Administrator\AppData\Roaming\Symantec
2008-06-25 20:32:09 0 d-------- C:\Users\Administrator\AppData\Roaming\FlashGet
2008-06-25 20:32:01 0 d-------- C:\Users\Administrator\AppData\Roaming\BullGuard
2008-06-25 20:31:45 0 d-------- C:\Users\Administrator\AppData\Roaming\Identities
2008-06-22 18:02:42 0 d-------- C:\Program Files\NoLimits Coasters v1.6
2008-06-22 18:01:10 0 d-------- C:\Program Files\Terragen
2008-06-14 22:58:50 0 d-------- C:\Program Files\Google
2008-06-12 22:18:47 0 d-------- C:\Program Files\Common Files
2008-06-12 22:18:47 0 d-------- C:\Program Files\Common Files\PocketSoft
2008-06-10 17:20:44 0 d-------- C:\Program Files\Atari
2008-06-09 22:16:18 0 d-------- C:\Program Files\Neopets
2008-06-02 17:35:27 0 d-------- C:\Program Files\Project64 1.6
2008-06-01 22:45:23 0 d-------- C:\Program Files\Hells Kitchen
2008-06-01 22:35:34 0 d-------- C:\Program Files\bfgclient
2008-05-31 23:11:17 0 d-------- C:\Program Files\Cheat Engine
2008-05-31 01:27:00 0 d-------- C:\Program Files\InstallShield
2008-05-31 01:15:42 0 d-------- C:\Program Files\Web Publish
2008-05-30 18:13:36 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-27 16:17:59 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-27 16:17:42 0 d-------- C:\Program Files\MSXML 4.0
2008-05-26 22:41:36 0 d-------- C:\Program Files\SignGATE
2008-05-24 14:33:53 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-05-24 14:16:05 0 d-------- C:\Program Files\AMPED
2008-05-03 17:18:36 231035 --a------ C:\Windows\War_Rock_Toolbar_Uninstaller_9546.exe <Not Verified; K2Network; War Rock Toolbar>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
25/08/2007 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
31/01/2008 08:11 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8bd19ad-3b38-4009-bbb4-d9443d691641}]
18/07/2008 18:23 102912 --a------ C:\Windows\system32\yxbrga.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [25/08/2007 04:51 316784]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [17/07/2008 12:27 691656]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [16/07/2007 16:58]
"RtHDVCpl"="RtHDVCpl.exe" [23/03/2007 12:04 C:\Windows\RtHDVCpl.exe]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [02/02/2007 18:09]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [22/11/2006 02:08]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [06/02/2007 00:52]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [31/01/2008 14:15]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [25/09/2007 09:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [22/03/2008 00:18]
"ZangoOE"="C:\Program Files\Zango\bin\10.3.65.0\OEAddOn.exe" [23/05/2008 08:12]
"ZangoSA"="C:\Program Files\Zango\bin\10.3.65.0\ZangoSA.exe" [23/05/2008 08:55]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [17/09/2007 08:07]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [17/09/2007 08:07]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [17/09/2007 08:07]
"88cffb16"="C:\Windows\system32\xglwqhnw.dll" []
"BM8bfcc88a"="C:\Windows\system32\fctwieue.dll" [18/07/2008 18:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 04:01]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [02/02/2007 18:09]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/01/2008 23:15]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [27/02/2008 17:56]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [17/07/2008 13:20]

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe [17/04/2008 00:08:36]
Holdem Genius Auto Attacher.lnk - C:\Program Files\Holdem Genius\HG_Watcher.exe [13/07/2008 16:41:21]
Tournament Shark.lnk - C:\Program Files\Poker Pro Labs\Tournament Shark\TournamentShark.exe [04/06/2008 17:03:20]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [23/10/2006 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [23/10/2006 00:01:50]
PokerManager.lnk - C:\Program Files\PokerManager\PokerManager\Client.exe [16/04/2008 12:52:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\ddcbawUN

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
BullGuard BgMainSvc BsFileScan BsMailProxy


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09ba84eb-5719-11dd-b374-00016c19f3ea}]
AutoRun\command- D:\autorun.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - IPFILTERDRIVER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-23 20:43:45 ------------

#2 Carolyn

Posted 07 August 2008 - 04:26 PM

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am sorry that we were unable to reply to your post sooner. The forums have been very busy.

If you are still in need of assistance, please scan again with Deckard's System Scanner and post a fresh log.
Member of ASAP (Alliance of Security Analysis Professionals)

#3 Carolyn

Posted 15 August 2008 - 12:09 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Member of ASAP (Alliance of Security Analysis Professionals)